shadowbrokers-exploits/windows/Resources/Ep/Scripts/PSP/silivaccine.eps

77 lines
2.7 KiB
PostScript
Raw Normal View History

#In order to get access to the functions you'll need to call,
#include the following files
@include "PSPHelpers.epm";
@include "PerlFunctions.epm";
#To reduce the number of function calls, we pass common data via a struct
#The struct is defined in PSPHelpers.epm
metaData @metaData;
#initialize the struct
init(@metaData);
#you now know
#@metaData.$ip - what the target is being post-processed as
#@metaData.$ipw - just the ip with 'w' on the end to help look in preps
#@metaData.$projectName - if one is found in the preps directory
#@metaData.$driveLetter - where they placed the ops disk, probably d:
#@metaData.$prepsDir - where preps live, probably d:\OPSDisk\preps
#@metaData.$history - bool - did we find a pspConfig.txt file in preps
#it is now up to you to fill in the following as best you can
#@metaData.$vendor - McAfee - AVG - Symantec - etc.
@metaData.$vendor = "SiliVaccine";
#@metaData.$product - Endpoint Protection - Desktop Firewall - etc.
#@metaData.$version - 8.0 - 8.5 - etc.
#@metaData.$installDate - if you know
@record on;
@echo off;
`regquery -hive L -subkey "software\\microsoft\\windows\\currentversion\\uninstall\\{799B414D-4729-4499-B48E-388691FEAF03}" -value "InstallDate"`;
@echo on;
@record off;
@metaData.$installDate = GetCmdData("value_data");
#@metaData.$defUpdates - last time product/virus def's were updated
@record on;
@echo off;
`regquery -hive L -subkey "software\\sts tech-service\\svaccine\\Setting" -value LastUpdateTime`;
@echo on;
@record off;
@metaData.$defUpdates = GetCmdData("value_data");
#@metaData.$logFile - where are the logs stored
@metaData.$logFile = "C:\\Program Files\\STS Tech-Service\\SiliVaccine\\EventLog";
#@metaData.$quarantine - location of quarantine folder
@metaData.$quarantine = "C:\\Program Files\\STS Tech-Service\\SiliVaccine\\Quarantine";
#@metaData.$information - place any additional information here
#functions to use
#You construct $runningConfig. returns true if equal to the previous ops config, else false
#checkConfig also calls createConfig under the covers for you.
string $runningConfig = "silivaccine:@metaData.$defUpdates";
if(@metaData.$history){
if(checkConfig($runningConfig,@metaData)){
echo "\r\rNo change in PSP definitions.\r\r";
} else {
echo "\r\r!!! Updated definitions since last time !!!\r\r";
}
} else {
createConfig($runningConfig,@metaData);
echo "\r\rCreating config now...\r\r";
}
#If no history is found, you can use this to save your config for use on subsequent ops
#createConfig($runningConfig,@metaData);
#Once you've filled in the blanks of the struct as best you can, use this function
#It will wrap the data in XML and place it where it belongs.
writeMetaData(@metaData);